<?php

uses('sanitize');

class CustomersController extends AppController {

	var $name = 'Customers';
	var $helpers = array('Html', 'Form', 'Ajax' );
	var $components = array('Acl', 'Security', 'RequestHandler');

	function beforeFilter()
	{
		$this->Security->requirePost('ajaxadd');
		//$this->Security->requireAuth('order');
		$this->Security->blackHoleCallback = 'invalid';
	}

	function invalid()
	{
		header ('HTTP/x 400 Bad Request');
		echo('<h1>Upward : erreur 400</h1>');
		echo('<p>Un probleme est servenue, merci de renvoyer le formulaire une nouvelle fois.</p>');
		die;
	}

//action customers

	//ajax - increment quantity of a product require POST
	function incProduct($id){
		$ar_products =  $this->Session->read('basket');
		//find product in the session var
		foreach($ar_products as $product_key => $ar_product){
			if($ar_product['id'] == $id){
				$key = $product_key;
				break;
			}
		}
		if(isset($key)){
			$ar_products[$key]['quantity']++;
		}else{
			die('erreur');
		}
		$this->Session->write('basket', $ar_products);
		$this->set('products', $ar_products);
		$this->render('products_list', 'ajax');
	}
	
	//ajax - decrement quantity of a product require POST
	function decProduct($id){
		$ar_products =  $this->Session->read('basket');
		//find product in the basket session var
		foreach($ar_products as $product_key => $ar_product){
			if($ar_product['id'] == $id){
				$key = $product_key;
				break;
			}
		}
		if(isset($key)){
			$ar_products[$key]['quantity']--;
			if($ar_products[$key]['quantity'] <= 0){
				unset($ar_products[$key]);
			}
		}else{
			die('erreur');
		}
		$this->Session->write('basket', $ar_products);
		$this->set('products', $ar_products);
		$this->render('products_list', 'ajax');
	}
	
	
	//ajax - delete prod from basket session var require POST
	function delProduct($id){
		$ar_products = $this->Session->read('basket');
		//find the prod to del
		foreach($ar_products as $product_key => $ar_product){
			if($ar_product['id'] == $id){
				$key = $product_key;
				break;
			}
		}
		if(isset($key)){
			unset($ar_products[$key]);
		}else{
			die('erreur sur la variable de session');
		}
		$this->Session->write('basket', $ar_products);
		$this->set('products', $ar_products);
		$this->render('products_list', 'ajax');
	}

	function mybasket(){
		if($this->Session->read('user')){
			$basket = $this->Session->read('basket');
			//$products = array();
			if(!empty($basket))
			{
				$this->set('products', $basket);
			}else{
				$this->Session->setFlash('Le panier est vide.');
				$this->redirect('/products/index');
			}
		}else{
			$this->Session->setFlash('Il faut loggé pour voir cette page');
			$this->redirect('/users/login');
		}
		
	}
	
	function deleteBasket(){
		$this->Session->delete('basket');
		$this->Session->setFlash('Le panier a été effacé.');
		$this->redirect('/products/index');
	}

//action dealer
	function index() {
		if(!$this->Acl->check($this->Session->read('user'), '/customers', 'read')){
			$this->Session->setFlash('Action non autorisée');
			$this->redirect('/users/index');
		}else{
			$this->Customer->recursive = 0;
			$this->set('customers', $this->Customer->findAll());
		}
	}

	function view($id = null) {
		if(!$id) {
			$this->Session->setFlash('Invalid id for Customer.');
			$this->redirect('/customers/index');
		}
		if(!$this->Acl->check($this->Session->read('user'), 'customer-'.$id, 'read')){
			$this->Session->setFlash('Action non autorisée');
			$this->redirect('/users/index');
		}else{
			$this->set('customer', $this->Customer->read(null, $id));
		}
	}

	//ajax - in bills/add - require Post
	function ajaxadd(){
		if(empty($this->data)) {
			$this->set('users', $this->Customer->User->generateList(null, 'username ASC', null, '{n}.User.id', '{n}.User.username'));
			$this->render('ajaxadd', 'ajax');
		}else{
			$san = new Sanitize();
			$this->data['Customer']['username'] = $san->paranoid($this->data['Customer']['username']);
			$this->data['Customer']['first_name'] = $san->paranoid($this->data['Customer']['first_name'], array('-'));
			$this->data['Customer']['last_name'] = $san->paranoid($this->data['Customer']['last_name'], array('-', ' '));
			$this->data['Customer']['email'] = $san->paranoid($this->data['Customer']['email'], array('-', '+', '.', '@'));
			
			$this->cleanUpFields();
			if($this->Customer->save($this->data)) {
				//ACL
				$aco = new Aco();
				$aco->create($this->Customer->id, null, 'customer-'.$this->Customer->id);
				$this->Acl->allow('dealers', 'customer-'.$this->Customer->id);
				$this->Acl->deny('dealers', 'customer-'.$this->Customer->id, 'delete');
				$this->Acl->allow('admins', 'customer-'.$this->Customer->id);
				
				$this->Session->setFlash('The Customer has been saved');
				$this->set('closeajax', true);
				$this->render('ajaxadd', 'ajax');
			} else {
				$this->Session->setFlash('Please correct errors below.');
				$this->set('users', $this->Customer->User->generateList(null, 'username ASC', null, '{n}.User.id', '{n}.User.username'));
				$this->render('ajaxadd', 'ajax');
			}
		}
	}
	
	function add() {
		if(!$this->Acl->check($this->Session->read('user'), '/customers', 'create')){
			$this->Session->setFlash('Action non autorisée');
			$this->redirect('/users/index');
		
		}elseif(empty($this->data)) {
			$this->set('users', $this->Customer->User->generateList(null, 'username ASC', null, '{n}.User.id', '{n}.User.username'));
			$this->render();
		} else {
			$san = new Sanitize();
			$this->data['Customer']['username'] = $san->paranoid($this->data['Customer']['username']);
			$this->data['Customer']['first_name'] = $san->paranoid($this->data['Customer']['first_name'], array('-'));
			$this->data['Customer']['last_name'] = $san->paranoid($this->data['Customer']['last_name'], array('-', ' '));
			$this->data['Customer']['email'] = $san->paranoid($this->data['Customer']['email'], array('-', '+', '.', '@'));
			
			$this->cleanUpFields();
			if($this->Customer->save($this->data)) {
				//ACL
				$aco = new Aco();
				$aco->create($this->Customer->id, null, 'customer-'.$this->Customer->id);
				$this->Acl->allow('dealers', 'customer-'.$this->Customer->id);
				$this->Acl->deny('dealers', 'customer-'.$this->Customer->id, 'delete');
				$this->Acl->allow('admins', 'customer-'.$this->Customer->id);
				
				$this->Session->setFlash('The Customer has been saved');
				$this->redirect('/customers/index');
			} else {
				$this->Session->setFlash('Please correct errors below.');
				$this->set('users', $this->Customer->User->generateList(null, 'username ASC', null, '{n}.User.id', '{n}.User.username'));
			}
		}
	}

	function edit($id = null) {
		if(!$id) {
			$this->Session->setFlash('Invalid id for Customer');
			$this->redirect('/customers/index');
		}
		if(!$this->Acl->check($this->Session->read('user'), 'customer-'.$id, 'update')){
			$this->Session->setFlash('Action non autorisée');
			$this->redirect('/users/index');
		
		}elseif(empty($this->data)) {	
			$this->data = $this->Customer->read(null, $id);
			$this->set('users', $this->Customer->User->generateList(null, 'username ASC', null, '{n}.User.id', '{n}.User.username'));
		} else {
			$san = new Sanitize();
			$this->data['Customer']['username'] = $san->paranoid($this->data['Customer']['username']);
			$this->data['Customer']['first_name'] = $san->paranoid($this->data['Customer']['first_name'], array('-'));
			$this->data['Customer']['last_name'] = $san->paranoid($this->data['Customer']['last_name'], array('-', ' '));
			$this->data['Customer']['email'] = $san->paranoid($this->data['Customer']['email'], array('-', '+', '.', '@'));

			$this->cleanUpFields();
			if($this->Customer->save($this->data)) {
				$this->Session->setFlash('The Customer has been saved');
				$this->redirect('/customers/index');
			} else {
				$this->Session->setFlash('Please correct errors below.');
				$this->set('users', $this->Customer->User->generateList(null, 'username ASC', null, '{n}.User.id', '{n}.User.username'));			}
		}
	}

//action admin
	function delete($id = null) {
		if(!$id) {
			$this->Session->setFlash('Invalid id for Customer');
			$this->redirect('/customers/index');
		}
		if(!$this->Acl->check($this->Session->read('user'), 'customer-'.$id, 'delete')){
			$this->Session->setFlash('Action non autorisée');
			$this->redirect('/users/index');
		}elseif($this->Customer->del($id)) {
			//ACL
			$aco = new Aco();
			$aco->delete('customer-'.$id);
			
			$this->Session->setFlash('The Customer deleted: id '.$id.'');
			$this->redirect('/customers/index');
		}
	}

}
?>